Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
Mark Andrews
Mark_Andrews at isc.org
Wed Feb 15 02:12:34 UTC 2006
> On Wed, 15 Feb 2006, Mark Andrews wrote:
>
> > One of the methods missing is doing top down random walks of ip6.arpa.
>
> That's only easy if delegation were on a per-nybble basis, which is commonly
> not the case. Because there are not typically NS's at every nybble level,
> you have to do more than one hex digit's worth of randomness in the scan in
> order to find a next-level delegation, increasing the cost of scanning that
> namespace quite a bit.
>
> (Having delegations at every nybble level would be ... alarming at best,
> given the amount of PTR redirection that implies. :)
>
> --
> -- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
I suggest that you re-read RFC 1034 and RFC 1035. An empty
node returns NOERROR. A non-existent node returns NXDOMAIN
(Name Error).
e.a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa PTR drugs.dv.isc.org
causes all of the following to exist.
a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.1.0.7.4.0.1.0.0.2.ip6.arpa
1.0.7.4.0.1.0.0.2.ip6.arpa
0.7.4.0.1.0.0.2.ip6.arpa
7.4.0.1.0.0.2.ip6.arpa
4.0.1.0.0.2.ip6.arpa
0.1.0.0.2.ip6.arpa
1.0.0.2.ip6.arpa
0.0.2.ip6.arpa
0.2.ip6.arpa
2.ip6.arpa
ip6.arpa
arpa
.
A query for any of them regardless of type should return something
other than NXDOMAIN.
Also wildcards won't save you as it is possible to detect them.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
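Added example, not part of the original message: an offline model of the RFC 1034 behaviour described above, which a reverse-zone operator can use to see how few queries a nibble-by-nibble descent needs once empty nodes answer NOERROR. The function names and the second PTR owner (in the 2001:db8::/32 documentation prefix) are constructed for illustration, and the zone is an in-memory set with no DNS traffic involved.

```python
import ipaddress

NIBBLES = "0123456789abcdef"

def existing_nodes(ptr_owners):
    """Owner names plus every ancestor (empty non-terminals), up to the root."""
    nodes = {"."}
    for owner in ptr_owners:
        labels = owner.split(".")
        nodes.update(".".join(labels[i:]) for i in range(len(labels)))
    return nodes

def rcode(name, nodes):
    """RFC 1034 semantics: a node that exists, even with no data, is NOERROR."""
    return "NOERROR" if name in nodes else "NXDOMAIN"

def walk(nodes, root="ip6.arpa"):
    """Descend one nibble at a time, following only NOERROR answers.
    Returns (full-length names found, number of queries asked)."""
    found, queries, stack = [], 0, [root]
    while stack:
        name = stack.pop()
        if name.count(".") == 33:  # 32 nibble labels + ip6 + arpa
            found.append(name)
            continue
        for nib in NIBBLES:
            queries += 1
            child = f"{nib}.{name}"
            if rcode(child, nodes) == "NOERROR":
                stack.append(child)
    return sorted(found), queries

# The PTR owner name from the message, plus one constructed record
# in the 2001:db8::/32 documentation prefix.
PAGE_OWNER = ("e.a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0."
              "f.1.0.7.4.0.1.0.0.2.ip6.arpa")
CONSTRUCTED = ipaddress.ip_address("2001:db8::1").reverse_pointer
OWNERS = [PAGE_OWNER, CONSTRUCTED]

if __name__ == "__main__":
    nodes = existing_nodes(OWNERS)
    found, queries = walk(nodes)
    print(f"{len(found)} PTR owners recovered in {queries} queries")
    print("brute force over the same space: 16**32 =", 16 ** 32)
```

The query count grows with the number of populated branches, not with the size of the address space, which is the point of the NOERROR/NXDOMAIN distinction in the message.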